Administrators Marcos 5,466 Posted February 8, 2021 Administrators Posted February 8, 2021 Do you experience any issues with cleaning the threat? Is it recurring?
baran 0 Posted February 8, 2021 Author Posted February 8, 2021 Yes, it is constantly detected and deleted on all systems on the network Why do it again?
Administrators Marcos 5,466 Posted February 8, 2021 Administrators Posted February 8, 2021 Please provide logs collected with ESET Log Collector from such machine.
baran 0 Posted February 8, 2021 Author Posted February 8, 2021 what log? witch one? you need Default Threat Detection All: None Custom
Administrators Marcos 5,466 Posted February 8, 2021 Administrators Posted February 8, 2021 Default template is ok unless we explicitly ask to use a non-default one.
Administrators Marcos 5,466 Posted February 8, 2021 Administrators Posted February 8, 2021 The malware is being copied to network shares from a remote machine with SR**********S\Administrator logged in. Please carry on as follows: - close any unnecessary network-aware applications that generate network traffic - enable advanced network protection logging in the adv. setup -> tools -> diagnostics - wait until the malware is detected - disable logging - collect fresh logs with ELC.
Recommended Posts